From a1c2b2fb2f18527051db2f5709d7e2cbec2b17a8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marc=20Andr=C3=A9=20Tanner?= Date: Mon, 20 Feb 2017 13:45:38 +0100 Subject: buffer: fix integer overflow issue --- buffer.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'buffer.c') diff --git a/buffer.c b/buffer.c index a3403fd..6e3dc9d 100644 --- a/buffer.c +++ b/buffer.c @@ -65,9 +65,10 @@ bool buffer_put0(Buffer *buf, const char *data) { } bool buffer_remove(Buffer *buf, size_t pos, size_t len) { + size_t end; if (len == 0) return true; - if (pos + len > buf->len) + if (!addu(pos, len, &end) || end > buf->len) return false; memmove(buf->data + pos, buf->data + pos + len, buf->len - pos - len); buf->len -= len; -- cgit v1.2.3